General

  • Target

    5aa66b437c774b8fe1f7a13768ff7f9b_JaffaCakes118

  • Size

    215KB

  • Sample

    240519-wccdbaac2y

  • MD5

    5aa66b437c774b8fe1f7a13768ff7f9b

  • SHA1

    f6718e3b6b983a936ad37b79cb1690e3064a26db

  • SHA256

    69e2c8fdb35f989de8d25ef79a500c205c6f7ba42ed3f8a53344d37cd27e55bd

  • SHA512

    32bbbb3cc7aab162989ebe4e20679b02d47a95e6337a2bffb1936c3c4e9a23edf223d05dfe6db8cb672fd356c6ec4a747a8df88bbde6df0cf58eb64756781c13

  • SSDEEP

    3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0n2L6BWnqR+yV:BHXDy1qVvZnOe/HEyoKWGd

Malware Config

Extracted

Family

gozi

Attributes
  • build

    215165

Extracted

Family

gozi

Botnet

3153

C2

biesbetiop.com

kircherche.com

toforemedi.com

Attributes
  • build

    215165

  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    0x4eb7d2ca

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • exe_type

    loader

  • server_id

    12

rsa_pubkey.plain
serpent.plain

Targets

    • Target

      5aa66b437c774b8fe1f7a13768ff7f9b_JaffaCakes118

    • Size

      215KB

    • MD5

      5aa66b437c774b8fe1f7a13768ff7f9b

    • SHA1

      f6718e3b6b983a936ad37b79cb1690e3064a26db

    • SHA256

      69e2c8fdb35f989de8d25ef79a500c205c6f7ba42ed3f8a53344d37cd27e55bd

    • SHA512

      32bbbb3cc7aab162989ebe4e20679b02d47a95e6337a2bffb1936c3c4e9a23edf223d05dfe6db8cb672fd356c6ec4a747a8df88bbde6df0cf58eb64756781c13

    • SSDEEP

      3072:Rb9pXDyUKdySqVgQZt8OdcjFfSvbke/0t4mwqWB55syoNdL0n2L6BWnqR+yV:BHXDy1qVvZnOe/HEyoKWGd

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

MITRE ATT&CK Matrix ATT&CK v13

Tasks